The embedded gesture recognition enables users to enter individual confirmation gestures or write their PIN numbers directly on the card with their fingertip. A capacitive touchpad with direct sampling FIR noise filtering1 captures the gesture-based information in their unique way of writing. Only when the confirmation gesture or the PIN is entered correctly will the data stored in the secure environment of the SmartMX be transferred in encrypted manner.
The Smart Authentication system can be used in contactless, NFC, contact or dual-interface mode. A battery is not required and in contactless mode the system is completely powered from the reader field or an NFC-compatible smartphone. Next to the SmartMX P5CD145 (Secure Element) an LPC11A14 (ARM Cortex M0) comprises the capacitive proximity sensing interface as well as the high speed gesture recognition. User feedback may be provided by low-profile LEDs, by smartphone vibration or audio feedback. In contactless mode the supply voltage is provided by a low-dropout regulator (LDO) directly from the rectified antenna voltage. Total power consumption is kept below 35 mW to enable NFC operation.
The integrated touchpad provides two-dimensional position information to the trainable gesture recognition. A center-of-gravity algorithm enables a position resolution of 80 dpi from a 3x3 capacitive sensor matrix at a sample rate of 128 samples/s. 10ms are required for character recognition at a CPU clock of 12 MHz. The flexible recognition algorithm supports a large variety of code alphabets without a need to localise the firmware.
For tamperproof integration into eID documents the Smart Authentication system is assembled on a flexible inlay that seamlessly integrates into a standard ID1-sized document. For banking applications an optional ISO7816 contact interface may add compatibility with standard ATMs and POS readers.
In a typical mobile transaction scheme an NFC-compatible smartphone is sufficient to connect the authentication card to a server-based application. Only upon successful entry and verification of i.e. an Android-style confirmation gesture sensitive user information can be forwarded from the card’s secure element to the online application. Key loggers or malware may only intercept encrypted communication. A good step towards trust.
Smart Authentication technology brings touchpad like capabilities to smartcards; adding confirmation gestures and multifactor authentication with secure entry of a distinct PIN. This technology enhances payment security on the card itself, requiring less functionality from external hardware (readers with pin pads) and software, thereby lowering system costs. NFC support enables mobile transaction schemes. It gives consumers as well as dealers greater freedom by better control of e.g. payment transactions. Existing multifactor authentication technologies basically involve combining three factors:
1. Something the user knows (PIN)
2. Something the user has (smartcard)
3. Something unique to the user (individual writing dynamics).
This increased level of security addresses three major payment fraud scenarios:
1. Card-not-present (CNP):
2. Man-in-the-middle or Skimming:
P5CD145(Secure Element), LPC11A14 (Cortex M0)